eimadmin.conf File

Purpose

Stores system Enterprise Identity Mapping (EIM) connection information from the eimadmin command.

Description

This file is used to store system Enterprise Identity Mapping (EIM) connection information from the eimadmin command. Use the eimadmin command to create and update this file. The connection information stored by the eimadmin.conf file includes the EIM domain and its controlling server, the identity with which to authenticate (bind) to the server, and the authentication method.

The meanings of the eimadmin.conf file's fields are as follows:

Item Description

LdapURL Specifies the URL and port for the LDAP server controlling the EIM data. This field takes the following format:
    ldap://some.ldap.host:389
    ldaps://secure.ldap.host:636

KerberosRegistry Specifies the name of a Kerberos registry.

LocalRegistry

EimDomain Specifies the full distinguished name (DN) of the EIM domain. This name begins with ibm-eimDomainName= and consists of the following elements:
    domainName
        The name of the EIM domain you are creating. For example, MyDomain.
    parent distinguished name
        The distinguished name for the entry immediately above the given entry in the directory information tree hierarchy, such as o=ibm,c=us. For example:
        ibm-eimDomainName=MyDomain,o=ibm,c=us

ConnectionMethod Specifies the method of authentication to the LDAP server. You can select one of the following methods:
  • SIMPLE (bind DN and password). This is the default method.
  • CRAM-MD5 (bind DN and protected password).
  • EXTERNAL (digital certificate).
  • GSSAPI (Kerberos). Uses the default Kerberos credential. The credential must be established using a service such as kinit before running EIM.

BindDn The distinguished name to use for the simple bind to LDAP. For example, cn=admin. The bind distinguished name has one of the following EIM authorities:
  • EIM administrator
  • EIM registries administrator
  • EIM registry X administrator
  • EIM identifiers administrator

BindPassword Specifies the password associated with the bind DN.

SSLKeyFile The name of the SSL key database file, including the full path name. If the file cannot be found, the name of a RACF® key ring that contains authentication certificates is used. This value is required for SSL communications with a secure LDAP host. For example:
    /u/eimuser/ldap.kdb

SSLKeyPassword The password required to access the encrypted information in the key database file. As an alternative, you can specify an SSL password stash file by prefixing the stash file name with file://. For example:
    file:///u/eimuser/ldapclient.sth

SSLKeyCert Identifies which certificate to use from the key database file or RACF key ring. If a certificate label is not specified, the default certificate in the file or ring is used.

Example

-> /usr/bin/eimadmin -X -d ibm-eimDomainName='ibm-eimDomainName=MyDomain,o=ibm,c=us'  
           -h 'ldap://keystone.austin.ibm.com:389'  -S 'SIMPLE'-b 'cn=admin'  -w 'secret'
-> cat /etc/eimadmin.conf
EimConfiguration:
        LdapURL="ldap://keystone.austin.ibm.com:389"
        KerberosRegistry=""
        LocalRegistry=""
        EimDomain="ibm-eimDomainName=MyDomain,o=ibm,c=us"
        ConnectionMethod="SIMPLE-b"
        BindDn=""
        BindPassword=""
        SSLKeyFile=""
        SSLKeyPassword=""
        SSLKeyCert=""
->
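
The field descriptions above translate into a few checks an administrator can run against a saved eimadmin.conf. The shell functions below are an added example, not part of the IBM documentation or of the eimadmin command. The names eim_field and audit_eimadmin_conf are hypothetical, and two rules are assumptions of this example: an empty ConnectionMethod is treated as the default SIMPLE, and a file that holds a password is expected to be readable by its owner only.

```shell
#!/bin/sh
# Added example (not IBM code): audit an eimadmin.conf-style file.

# Print the value of field $2 in file $1; lines look like  Name="value".
eim_field() {
    sed -n "s/^[[:space:]]*$2=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Print one line per finding; the return status is the number of findings.
audit_eimadmin_conf() {
    conf=$1 n=0
    url=$(eim_field "$conf" LdapURL)
    method=$(eim_field "$conf" ConnectionMethod)
    bindpw=$(eim_field "$conf" BindPassword)
    keyfile=$(eim_field "$conf" SSLKeyFile)
    keypw=$(eim_field "$conf" SSLKeyPassword)
    [ -n "$method" ] || method=SIMPLE   # assumption: empty means the default

    # Only the four documented methods are accepted.
    case $method in
        SIMPLE|CRAM-MD5|EXTERNAL|GSSAPI) ;;
        *) echo "ConnectionMethod=\"$method\" is not a documented method"; n=$((n+1)) ;;
    esac
    # A simple bind carries the password itself, so it needs ldaps://.
    case $method:$url in
        SIMPLE:ldap://*) echo "SIMPLE bind over ldap:// sends the bind password unprotected"; n=$((n+1)) ;;
    esac
    # SSLKeyFile is required for a secure LDAP host.
    case $url in
        ldaps://*) [ -n "$keyfile" ] || { echo "ldaps:// URL but SSLKeyFile is empty"; n=$((n+1)); } ;;
    esac
    # Prefer the file:// stash file form over a literal key database password.
    case $keypw in
        ''|file://*) ;;
        *) echo "SSLKeyPassword is a literal password; a file:// stash file is the alternative"; n=$((n+1)) ;;
    esac
    # Assumption: a stored secret should be readable by the file's owner only.
    if [ -n "$bindpw" ] || { [ -n "$keypw" ] && [ "${keypw#file://}" = "$keypw" ]; }; then
        mode=$(ls -ld "$conf" | cut -c5-10)   # group and other permission bits
        [ "$mode" = "------" ] || { echo "file holds a password but group/other bits are $mode"; n=$((n+1)); }
    fi
    return "$n"
}

# Stand-alone use: sh audit.sh /etc/eimadmin.conf
if [ $# -gt 0 ]; then audit_eimadmin_conf "$1"; fi
```

Run against the sample file contents shown above, the function reports one finding: ConnectionMethod="SIMPLE-b" is not one of the four documented methods.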

Location

Item Description
/etc/eimadmin.conf Contains the eimadmin.conf file.